Vulnerabilities > CVE-2020-1651 - Memory Leak vulnerability in Juniper Junos

CVSS 3.3 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

low complexity

juniper

CWE-401

NVD

Published: 2020-07-17

Updated: 2021-10-19

Summary

On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing traffic interruption. By continuously sending this stream of specific layer 2 frame, an attacker connected to the same broadcast domain can repeatedly crash the PFE, causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS on MX Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2. This issue does not affect Juniper Networks Junos OS releases prior to 17.2R1.

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Junos 17.2 Juniper Junos 17.2X75 Juniper Junos 17.3 Juniper Junos 17.4 Juniper Junos 18.1	39
Hardware	Juniper Juniper Mx10 - Juniper Mx10000 - Juniper Mx10003 - Juniper Mx104 - Juniper Mx150 - Juniper Mx2008 - Juniper Mx2010 - Juniper Mx2020 - Juniper Mx204 - Juniper Mx240 - Juniper Mx40 - Juniper Mx480 - Juniper MX5 - Juniper Mx80 - Juniper Mx960 -	15

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

References

https://kb.juniper.net/JSA11038